Department of Defense INSTRUCTION

Transcription

1 Department of Defense INSTRUCTION NUMBER March 14, 2014 DoD CIO SUBJECT: Cybersecurity References: See Enclosure 1 1. PURPOSE. This instruction: a. Reissues and renames DoD Directive (DoDD) E (Reference (a)) as a DoD Instruction (DoDI) pursuant to the authority in DoDD (Reference (b)) to establish a DoD cybersecurity program to protect and defend DoD information and information technology (IT). b. Incorporates and cancels DoDI (Reference (c)), DoDD C (Reference (d)), DoDI (Reference (e)), Assistant Secretary of Defense for Networks and Information Integration (ASD(NII))/DoD Chief Information Officer (DoD CIO) Memorandums (References (f) through (k)), and Directive-type Memorandum (DTM) (Reference (l)). c. Establishes the positions of DoD principal authorizing official (PAO) (formerly known as principal accrediting authority) and the DoD Senior Information Security Officer (SISO) (formerly known as the Senior Information Assurance Officer) and continues the DoD Information Security Risk Management Committee (DoD ISRMC) (formerly known as the Defense Information Systems Network (DISN)/Global Information Grid (GIG) Flag Panel). d. Adopts the term cybersecurity as it is defined in National Security Presidential Directive-54/Homeland Security Presidential Directive-23 (Reference (m)) to be used throughout DoD instead of the term information assurance (IA). 2. APPLICABILITY a. This instruction applies to: (1) OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff (CJCS) and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the DoD, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (referred to collectively in this instruction as the DoD Components ).

2 (2) All DoD IT. (3) All DoD information in electronic format. (4) Special access program (SAP) information technology, other than SAP ISs handling sensitive compartmented information (SCI) material. b. Nothing in this instruction alters or supersedes the existing authorities and policies of the Director of National Intelligence (DNI) regarding the protection of SCI as directed by Executive Order (Reference (n)) and other laws and regulations. 3. POLICY. It is DoD policy that: a. Risk Management (1) DoD will implement a multi-tiered cybersecurity risk management process to protect U.S. interests, DoD operational capabilities, and DoD individuals, organizations, and assets from the DoD Information Enterprise level, through the DoD Component level, down to the IS level as described in National Institute of Standards and Technology (NIST) Special Publication (SP) (Reference (o)) and Committee on National Security Systems (CNSS) Policy (CNSSP) 22 (Reference (p)). (2) Risks associated with vulnerabilities inherent in IT, global sourcing and distribution, and adversary threats to DoD use of cyberspace must be considered in DoD employment of capabilities to achieve objectives in military, intelligence, and business operations. (3) All DoD IT will be assigned to, and governed by, a DoD Component cybersecurity program that manages risk commensurate with the importance of supported missions and the value of potentially affected information or assets. (4) Risk management will be addressed as early as possible in the acquisition of IT and in an integrated manner across the IT life cycle. (5) Documentation regarding the security posture of DoD IS and PIT systems will be made available to promote reciprocity as described in DoDI (Reference (q)) and to assist authorizing officials (AOs) (formerly known as designated approving or accrediting authorities) from other organizations in making credible, risk-based decisions regarding the acceptance and use of systems and the information that they process, store, or transmit. b. Operational Resilience. DoD IT will be planned, developed, tested, implemented, evaluated, and operated to ensure that: (1) Information and services are available to authorized users whenever and wherever required according to mission needs, priorities, and changing roles and responsibilities. 2

3 (2) Security posture, from individual device or software object to aggregated systems of systems, is sensed, correlated, and made visible to mission owners, network operators, and to the DoD Information Enterprise consistent with DoDD (Reference (r)). (3) Whenever possible, technology components (e.g., hardware and software) have the ability to reconfigure, optimize, self-defend, and recover with little or no human intervention. Attempts made to reconfigure, self-defend, and recover should produce an incident audit trail. c. Integration and Interoperability (1) Cybersecurity must be fully integrated into system life cycles and will be a visible element of organizational, joint, and DoD Component IT portfolios. (2) Interoperability will be achieved through adherence to DoD architecture principles, adopting a standards-based approach, and by all DoD Components sharing the level of risk necessary to achieve mission success. (3) All interconnections of DoD IT will be managed to minimize shared risk by ensuring that the security posture of one system is not undermined by vulnerabilities of interconnected systems. d. Cyberspace Defense. Cyberspace defense will be employed to protect, detect, characterize, counter, and mitigate unauthorized activity and vulnerabilities on DoD information networks. Cyberspace defense information will be shared with all appropriately cleared and authorized personnel in support of DoD enterprise-wide situational awareness. e. Performance (1) Implementation of cybersecurity will be overseen and governed through the integrated decision structures and processes described in this instruction. (2) Performance will be measured, assessed for effectiveness, and managed relative to contributions to mission outcomes and strategic goals and objectives, in accordance with Sections and of Title 40, United States Code (U.S.C.) (Reference (s)). (3) Data will be collected to support reporting and cybersecurity management activities across the system life cycle. (4) Standardized IT tools, methods, and processes will be used to the greatest extent possible to eliminate duplicate costs and to focus resources on creating technologically mature and verified solutions. f. DoD Information. All DoD information in electronic format will be given an appropriate level of confidentiality, integrity, and availability that reflects the importance of both information sharing and protection. 3

4 g. Identity Assurance (1) Identity assurance must be used to ensure strong identification, authentication, and eliminate anonymity in DoD IS and PIT systems. (2) DoD will public key-enable DoD ISs and implement a DoD-wide Public Key Infrastructure (PKI) solution that will be managed by the DoD PKI Program Management Office in accordance with DoDI (Reference (t)). (3) Biometrics used in support of identity assurance will be managed in accordance with DoDD (Reference (u)). h. Information Technology (1) All IT that receives, processes, stores, displays, or transmits DoD information will be acquired, configured, operated, maintained, and disposed of consistent with applicable DoD cybersecurity policies, standards, and architectures. (2) Risks associated with global sourcing and distribution, weaknesses or flaws inherent in the IT, and vulnerabilities introduced through faulty design, configuration, or use will be managed, mitigated, and monitored as appropriate. (3) Cybersecurity requirements must be identified and included throughout the lifecycle of systems including acquisition, design, development, developmental testing, operational testing, integration, implementation, operation, upgrade, or replacement of all DoD IT supporting DoD tasks and missions. i. Cybersecurity Workforce (1) Cybersecurity workforce functions must be identified and managed, and personnel performing cybersecurity functions will be appropriately screened in accordance with this instruction and DoD R (Reference (v)), and qualified in accordance with DoDD (Reference (w)) and supporting issuances. (2) Qualified cybersecurity personnel must be identified and integrated into all phases of the system development life cycle. j. Mission Partners (1) Capabilities built to support cybersecurity objectives that are shared with mission partners will be consistent with guidance contained in Reference (r) and governed through integrated decision structures and processes described in this instruction. 4

5 (2) DoD-originated and DoD-provided information residing on mission partner ISs must be properly and adequately safeguarded, with documented agreements indicating required levels of protection. 4. RESPONSIBILITIES. See Enclosure PROCEDURES. See Enclosure INFORMATION COLLECTION REQUIREMENTS. The DoD Federal Information Security Management Act (FISMA) Annual Report with Quarterly Updates, referred to in paragraphs 1v and 13q of Enclosure 2 and paragraph 12i of Enclosure 3 of this instruction, has been assigned report control symbol DD-CIO(A,Q)2296 in accordance with the procedures in DTM (Reference (x)) and DoD M (Reference (y)). 7. RELEASABILITY. Unlimited. This instruction is approved for public release and is available on the Internet from the DoD Issuances Website at 8. EFFECTIVE DATE. This instruction: a. Is effective March 14, b. Must be reissued, cancelled, or certified current within 5 years of its publication to be considered current in accordance with DoDI (Reference (z)). c. Will expire effective March 14, 2024 and be removed from the DoD Issuances Website if it hasn t been reissued or cancelled in accordance with Reference (z). Enclosures 1. References 2. Responsibilities 3. Procedures Glossary Teresa M. Takai DoD Chief Information Officer 5

14 ENCLOSURE 2 RESPONSIBILITIES 1. DoD CIO. The DoD CIO: a. Monitors, evaluates, and provides advice to the Secretary of Defense regarding all DoD cybersecurity activities and oversees implementation of this instruction. b. Develops and establishes DoD cybersecurity policy and guidance consistent with this instruction and in accordance with applicable federal law and regulations. c. Appoints a DoD SISO in accordance with section 3541 of Title 44, U.S.C. (Reference (aa)). d. Coordinates with the Under Secretary of Defense for Policy (USD(P)) to ensure that cybersecurity strategies and policies are aligned with overarching DoD cyberspace policy and, in accordance with DoDD (Reference (ab)), support policies relating to the disclosure of classified military information to foreign governments and international organizations. e. Coordinates with the Under Secretary of Defense for Personnel and Readiness (USD(P&R)) to: (1) Ensure personnel identity policies and cybersecurity policies and capabilities are aligned and mutually supportive. (2) Develop cybersecurity workforce management policies and capabilities to support identification and qualifications for a professional cybersecurity workforce. f. Coordinates with the Under Secretary of Defense for Intelligence (USD(I)) to ensure that cybersecurity policies and capabilities are aligned with and mutually supportive of personnel, physical, industrial, information, and operations security policies and capabilities. g. Coordinates with NIST in development of cybersecurity-related standards and guidelines. h. Maintains a formal coordination process with the Intelligence Community (IC) Chief Information Officer (CIO) to ensure proper protection of IC information within DoD, reciprocity of IS authorization and cybersecurity risk management processes, and alignment of cybersecurity. i. Coordinates with the Under Secretary of Defense for Acquisition, Technology, and Logistics (USD(AT&L)) to ensure that cybersecurity responsibilities are integrated into processes for DoD acquisition programs, including research and development. 14 ENCLOSURE 2

15 j. Coordinates with the Director, Operational Test and Evaluation (DOT&E) to ensure that cybersecurity responsibilities are integrated into the operational testing and evaluation for DoD acquisition programs. k. Coordinates and advocates resources for DoD-wide cybersecurity solutions, including overseeing appropriations allocated to the DoD cybersecurity program. l. Appoints a PAO for DoD ISs and PIT systems governed by the Enterprise Information Environment Mission Area (MA) (EIEMA) as described in DoDD (Reference (ac)). m. Coordinates with the DoD MA owners to ensure that cybersecurity responsibilities are addressed for all DoD IT. n. Coordinates with the USD(P) and USD(I) on integrating Defense Industrial Base (DIB) cybersecurity threat information-sharing activities and enhancing DoD and DIB cyber situational awareness in accordance with DoDI (Reference (ad)) and in support of DoDD (Reference (ae)). o. Develops policy for negotiating, performing, and concluding agreements with international partners to engage in cooperative international cybersecurity activities, in coordination with the USD(P), USD(I), and the Director, National Security Agency (NSA)/Chief, Central Security Service (DIRNSA/CHCSS). p. Negotiates and concludes agreements with international partners to engage in cooperative international cybersecurity and cyberspace defense activities, according to authority described in Deputy Secretary of Defense Memorandum (Reference (af)) and subject to the provisions of DoDD (Reference (ag)), in coordination with the: (1) USD(P). (2) General Counsel of the Department of Defense. (3) Under Secretary of Defense (Comptroller)/Chief Financial Officer, Department of Defense. (4) USD(I), when such agreements materially affect cleared industry. (5) CJCS. q. Establishes policy for the life cycle management of cross-domain (CD) solutions (CDSs). This policy will address shared risk, in coordination with the IC CIO and with the direct support from the DoD/IC Unified Cross Domain Management Office (UCDMO) in accordance with Joint DoD/IC Memorandum (Reference (ah)) and the UCDMO Charter (Reference (ai)). 15 ENCLOSURE 2

16 r. Develops and implements policy regarding continuous monitoring of DoD IT with direct support from NSA/CSS and Defense Information Systems Agency (DISA), and input from the other DoD Components. s. Appoints a military officer in the grade of O-6 or an equivalent civilian employee as the Defense IA Security Accreditation Working Group (DSAWG) Chair. t. Develops and implements policy for cybersecurity workforce awareness, education, training, and qualification in coordination with the USD(P&R). u. Maintains a Defense-wide view of cybersecurity resources that supports national, organizational, joint, and DoD Component cybersecurity program planning. v. Conducts an annual assessment of DoD Component cybersecurity programs as required by section 3545 of Reference (aa). w. Co-chairs the Enterprise-wide IA and Computer Network Defense Solutions Steering Group (ESSG) in accordance with the ASD(NII)/DoD CIO/Commander, U.S. Strategic Command Memorandum (Reference (aj)). x. Ensures that compromising emanations (i.e., TEMPEST) countermeasures implemented within DoD comply with current national policies. y. Ensures compliance with the requirements of National Security Directive 42 (Reference (ak)) and collaborate with the DIRNSA/CHCSS on the performance of DIRNSA/CHCSS duties, pursuant to Reference (ak), as the National Manager for National Security Telecommunications and Information Systems Security. 2. DIRECTOR, DISA. Under the authority, direction, and control of the DoD CIO and in addition to the responsibilities in section 13 of this enclosure, the Director, DISA: a. Develops, implements, and, in coordination with Commander, U.S. Strategic Command (USSTRATCOM), manages cybersecurity for the DISN, consistent with this instruction and its supporting guidance. b. Develops and maintains control correlation identifiers (CCIs), security requirements guides (SRGs), security technical implementation guides (STIGs), and mobile code risk categories and usage guides that implement and are consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures, with the support of the NSA/CSS, using input from stakeholders, and using automation whenever possible. c. Develops or acquires solutions that support cybersecurity objectives for use throughout DoD via the ESSG process in accordance with Reference (aj). d. Establishes and maintains the IA Support Environment (IASE) in accordance with 16 ENCLOSURE 2

17 Office of Management and Budget Circular A-130 (Reference (al)) as the DoD knowledge repository for cybersecurity related policy, guidance, and information. e. Oversees and maintains the connection approval process in accordance with CJCS Instruction (CJCSI) (Reference (am)), CD connection policy as issued by DoD CIO, DoDI (Reference (an)), and DoDI (Reference (ao)) for the DISN (e.g., the Secret Internet Protocol Router Network (SIPRNet) and the Non-Classified Internet Protocol Router Network (NIPRNet)) in coordination with the DSAWG (Reference (ap)) and DoD ISRMC (Reference (aq)), when appropriate. f. Facilitates multinational information sharing efforts, as well as information sharing between the DoD Components and eligible foreign nations in support of approved international cybersecurity and cyberspace defense agreements. g. Supports training, exercises, workforce development, network evaluation, and other efforts to build international partner cybersecurity and cyberspace defense capacity. h. Provides enterprise CD services compliant with the UCDMO-managed CDS Baseline List of validated solutions posted on the SIPRNet and the Joint Worldwide Intelligence Communications System (JWICS) UCDMO Intelink sites. Working with UCDMO, integrates new CD requirements into DoD Enterprise CD services. i. Ensures the continued development and maintenance of guidance and standards procedures to catalog, regulate, and control the use and management of Internet protocols, data services, and associated ports on DoD networks, in accordance with Reference (an). j. Develops and provides cybersecurity training and awareness products and a distributive training capability to support the DoD Components in accordance with Reference (w) and post the training materials on the IASE Website (http://iase.disa.mil/). k. Conducts command cyber readiness inspections and operational risk assessments in support of USSTRATCOM. l. Coordinates with the USD(I) to ensure command cyber readiness inspection guidance and metrics provide a unity of effort among the security disciplines (i.e., personnel, physical, industrial, information, operations, and cybersecurity). 3. USD(AT&L). The USD(AT&L): a. Integrates policies established in this instruction and its supporting guidance into acquisition policy, regulations, and guidance consistent with DoDD (Reference (ar)). b. Through the Assistant Secretary of Defense for Research and Engineering, monitors and oversees all DoD cybersecurity research and engineering investments, including research at the NSA. 17 ENCLOSURE 2

18 c. Integrates cybersecurity assessments into developmental testing and evaluation. d. Establishes and maintains the Cybersecurity and Information Assurance Center (formerly IA Technology Analysis Center) in accordance with DoDI (Reference (as)). e. Ensures that the DoD acquisition process incorporates cybersecurity planning, implementation, testing, and evaluation consistent with Reference (q), DoDI (Reference (at)), DoDD (Reference (au)), DoDI (Reference (av)), DoDI (Reference (aw)), section 1043 of Public Law (Reference (ax)), and this instruction, in coordination with the DoD CIO. f. Assists with acquisition-related (e.g., research, development, test and evaluation (T&E)) agreements, and international cybersecurity and cyberspace defense negotiations and agreements, in accordance with Reference (ag), as needed. g. Ensures that PIT systems included in acquisition programs are designated, categorized, and have their authorization boundaries defined according to the guidelines provided in Reference (q). h. Ensures that policy and procedures for developing program protection plans (PPPs) required by DoDI (Reference (ay)) address cybersecurity in accordance with this instruction. i. Defines, develops, and integrates systems security engineering (SSE) into the systems engineering workforce and curriculum in accordance with DoDI (Reference (az)). j. Ensures that acquisition community personnel with IT development responsibilities are qualified in accordance with Reference (w) and DoD M (Reference (ba)). k. Coordinates with the DoD Test Resource Management Center (TRMC) for establishment of developmental T&E (DT&E) specific cybersecurity architectures and requirements. 4. DEPUTY ASSISTANT SECRETARY OF DEFENSE FOR DT&E (DASD(DT&E)). Under the authority, direction, and control of the USD(AT&L), the DASD(DT&E): a. Exercises oversight responsibility for developmental test planning in support of interoperability and cybersecurity for programs acquiring DoD IS and PIT systems in accordance with DoDI (Reference (bb)). b. Establishes procedures to ensure that cognizant DT&E authorities for acquisition programs verify that adequate DT&E to support cybersecurity is planned, resourced, documented, and can be executed in a timely manner prior to approval of program documents. 18 ENCLOSURE 2

19 5. DOT&E. The DOT&E: a. Develops and provides policy for cybersecurity testing and evaluation during operational evaluations within DoD, including, but not limited to the DOT&E Memorandum (Reference (bc)) describing the cybersecurity testing process, clarified by updates in the DOT&E Memorandums (References (bd) and (be)). b. Conducts independent cybersecurity assessments during operational test and evaluation (OT&E) for systems under acquisition and reports the findings as part of the acquisition process. c. Oversees cybersecurity assessments by test agencies during both acquisition and exercise events as mandated by relevant statutory requirements. d. Reviews and approves cybersecurity OT&E documentation for all IT, IS, PIT, and special interest programs as required. 6. USD(P). The USD(P): a. Coordinates with the DoD CIO to ensure that cybersecurity strategies, policies, and capabilities are aligned with overarching DoD cyberspace policy, and are supportive of policies and capabilities relating to the disclosure of classified military information to foreign governments and international organizations in accordance with Reference (ab). b. Coordinates with the DoD CIO on international cybersecurity and cyberspace defense strategies and policies, as well as the negotiating, performing, and concluding agreements with international partners to engage in cooperative, international cybersecurity and cyberspace defense activities in accordance with Reference (af). c. Coordinates with the DoD CIO on enhancing DoD and DIB cyber situational awareness in accordance with Reference (ad) and in support of Reference (ae). 7. USD(P&R). The USD(P&R) supports implementation of cybersecurity requirements for effective manning, management, and readiness assessment of the cybersecurity workforce in accordance with References (w) and (ba). 8. USD(I). The USD(I): a. Coordinates with the DoD CIO on development and implementation of cybersecurity policy, guidance, procedures, and controls related to personnel, physical, industrial, information and operations security. 19 ENCLOSURE 2

20 b. Coordinates with the DoD CIO and the USD(P) on intelligence-related international cybersecurity and cyberspace defense strategies, policies, and agreements with international partners. c. Appoints the PAO for DoD ISs and PIT systems governed by the DoD portion of the Intelligence Mission Area (DIMA) as described in Reference (ac). 9. DIRNSA/CHCSS. Under the authority, direction, and control of the USD(I), and in addition to the cybersecurity-related responsibilities in DoDD (Reference (bf)) and the responsibilities in section 13 of this enclosure, the DIRNSA/CHCSS: a. Supports the DoD CIO by providing cybersecurity architecture and mechanisms to support Defense military, intelligence, and business functions, including but not limited to cryptography, PKI, and IS security engineering services. b. Evaluates or validates security implementation specifications described in this instruction. c. Provides cybersecurity support to the DoD Components in order to assess threats to, and vulnerabilities of, information technologies. d. Engages the cybersecurity industry and DoD user community to foster development, evaluation, and deployment of cybersecurity solutions that satisfy the guidance in this instruction. e. Provides SSE services to the DoD Components, including describing information protection needs, properly selecting and implementing appropriate security controls, and assessing the effectiveness of system security. f. Supports the development of NIST publications and provides engineering support and other technical assistance for their implementation within DoD. g. Develops SSE training and qualification programs and oversees continuing education requirements for all trained IS security engineers and cybersecurity architects throughout DoD in accordance with Reference (ba). h. Serves as the DoD focal point for the National IA Partnership and establishes criteria and processes for evaluating and validating all IA and IA-enabled products in accordance with CNSSP 11 (Reference (bg)). i. Develops and issues security implementation specifications for the configuration of IAand IA-enabled products (e.g., security configuration guides) and supports DISA in the development of SRGs and STIGs. 20 ENCLOSURE 2

Cybersecurity and the Risk Management Framework Wherewe ve been and where we re going Information Assurance DoD Instruction 8500.01,Para 1(d),adoptsthe term cybersecurity as it is defined in National Security

Department of Defense DIRECTIVE NUMBER 5105.77 October 30, 2015 DCMO SUBJECT: National Guard Bureau (NGB) References: See Enclosure 1 1. PURPOSE. Pursuant to the authority vested in the Secretary of Defense

Department of Defense INSTRUCTION NUMBER 8310.01 February 2, 2015 DoD CIO SUBJECT: Information Technology Standards in the DoD References: See Enclosure 1 1. PURPOSE. In accordance with the authority in

Department of Defense DIRECTIVE SUBJECT: Information Assurance (IA) NUMBER 8500.01E October 24, 2002 Certified Current as of April 23, 2007 ASD(NII)/DoD CIO References: (a) Section 2224 of title 10, United

Future Trends in Airline Pricing, Yield Management, &AncillaryFees March 13, 2013 THE OPPORTUNITY IS NOW FOR CORPORATE TRAVEL MANAGEMENT BUT FIRST: YOU HAVE TO KNOCK DOWN BARRIERS! but it won t hurt much!

Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting

Committee on National Security Systems CNSSP No. 7 9 December 2015 POLICY ON THE USE OF COMMERCIAL SOLUTIONS TO PROTECT NATIONAL SECURITY SYSTEMS THIS DOCUMENT PRESCRIBES MINIMUM STANDARDS YOUR DEPARTMENT

Department of Defense INSTRUCTION NUMBER 8580.1 July 9, 2004 SUBJECT: Information Assurance (IA) in the Defense Acquisition System ASD(NII) References: (a) Chapter 25 of title 40, United States Code (b)

Vehicle Identification Numbering System 00.03 IMPORTANT: See Subject 050 for the vehicle identification numbering system for vehicles built before May 1, 2000. Federal Motor Vehicle Safety Standard 115

Department of Defense INSTRUCTION NUMBER 1000.13 January 23, 2014 USD(P&R) SUBJECT: Identification (ID) Cards for Members of the Uniformed Services, Their Dependents, and Other Eligible Individuals References:

Department of Defense DIRECTIVE NUMBER 8100.02 April 14, 2004 Certified Current as of April 23, 2007 ASD(NII) SUBJECT: Use of Commercial Wireless Devices, Services, and Technologies in the Department of

Department of Defense DIRECTIVE NUMBER 4630.05 May 5, 2004 Certified Current as of April 23, 2007 ASD(NII)/DoD CIO SUBJECT: Interoperability and Supportability of Information Technology (IT) and National

H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable

TABLE OF CONTENTS General Topics Purpose and Authorities Roles and Responsibilities Policy and Program Waiver Process Contact Abbreviated Sections/Questions 7.1 What is the purpose of this chapter? 7.2

UNDER SECRETARY OF DEFENSE 5000 DEFENSE PENTAGON WASHINGTON, DC 20301-5000 INTELLIGENCE July 8, 2013 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF STAFF UNDER SECRETARIES

PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it

To ensure the functioning of the site, we use cookies. We share information about your activities on the site with our partners and Google partners: social networks and companies engaged in advertising and web analytics. For more information, see the Privacy Policy and Google Privacy &amp Terms.
Your consent to our cookies if you continue to use this website.